Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
Welcome To Ask or Share your Answers For Others

Categories

I would like to rig things so that my GCP service account can invite users to calendar events. So for example my-service-account@myproject.iam.gserviceaccount.com would invite user@myCorporation.com to an event. It seems to me that this should be possible simply by giving my-service-account@myproject.iam.gserviceaccount.com permission to use the Calendar API, without having user@myCorporation.com grant any additional permissions.

I tried to implement this example, but replaced the compute scope and the compute API calls with the calendar scope and calendar API calls. My code is returning the error

Insufficient Permission: Request had insufficient authentication scopes.

I've poked around on the internet a bunch, and I cannot tell if the problem is that I did something wrong or if the problem is that Google does not support what I'm trying to do.

I would greatly appreciate any insight.

Here is my code:

const {google} = require('googleapis');
const compute = google.compute('v1');

const {GoogleAuth} = require('google-auth-library');

async function main() {
  const auth = new GoogleAuth({
    scopes: ['https://www.googleapis.com/auth/calendar',
      'https://www.googleapis.com/auth/compute']
  });

  //keeping the compute stuff in as a sanity check
  //to ensure that the problem is with calendar, not something more general
  const authClient = await auth.getClient();
  const project = await auth.getProjectId();
  const res = await compute.zones.list({project, auth: authClient});
  console.log(res.data);

  createEvent(auth);
}

/**
 * Lists the next 10 events on the user's primary calendar.
 * @param {google.auth.OAuth2} auth An authorized OAuth2 client.
 */
function createEvent(auth) {
  const calendar = google.calendar({version: 'v3', auth});
  calendar.events.insert({
        calendarId: 'primary',
        event: {
          "description": "my test event",
          "start": {
            "date": "2020-05-20",
          },
          attendees: [{email: "myGuest@mailinator.com"}]
        }
      }
  );
}

main().catch(console.error);
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
441 views
Welcome To Ask or Share your Answers For Others

1 Answer

Answer:

You need to enable the APIs and provide scopes in three places: in your auth code, in the GCP console, and the Google Admin console.

More Information:

As I explained in the comments, the code you have provided should run without issue. The Insufficient Permission: Request had insufficient authentication scopes. error is a result of the service account not being given access to the required scopes somewhere on Google's side.

Make sure you have completed the following steps:

  1. Provided the scopes in the application as an auth object (which you have already done):
const auth = new GoogleAuth({
    scopes: ['https://www.googleapis.com/auth/calendar',
      'https://www.googleapis.com/auth/compute']
  });
  1. Enabled the Calendar API in the GCP console for your Service Account GCP Project.
  2. Provided the required scopes for your service account in the OAuth consent screen settings in GCP.
  3. Added the required scopes to the service account in the Google Admin console. This is done by following the Security > Advanced Settings > Manage API client access UI elements, and assigning all scopes the service account needs to the service account client ID.

Note: This final step must be done by a domain admin and can not be done by anyone who is not.

In this case, you will need to contact your domain admin to give your project API access.

I hope this is helpful to you!

References:


Related Answers:


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
...